Vulnerabilities > CVE-2019-11618 - Insecure Default Initialization of Resource vulnerability in Doorgets CMS 7.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

doorgets

CWE-1188

critical

NVD

Published: 2019-04-30

Updated: 2020-08-24

Summary

doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.

Vulnerable Configurations

Part	Description	Count
Application	Doorgets Doorgets Doorgets CMS 7.0	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://github.com/itodaro/doorGets_cve